CN103795622A - Message forwarding method and device using same - Google Patents
Message forwarding method and device using same Download PDFInfo
- Publication number
- CN103795622A CN103795622A CN201410029683.3A CN201410029683A CN103795622A CN 103795622 A CN103795622 A CN 103795622A CN 201410029683 A CN201410029683 A CN 201410029683A CN 103795622 A CN103795622 A CN 103795622A
- Authority
- CN
- China
- Prior art keywords
- message
- service processing
- stream rule
- virtual switch
- processing board
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a message forwarding method and a device using the same. The method includes the steps that when a first virtual switch receives a message, the first virtual switch inquires a first type stream rule stored by the first virtual switch according to the message, and when the corresponding first type stream rule is matched, the message is forwarded to a corresponding service processing plate according to the first type stream rule; when the service processing plate receives the message and carries out service layer processing on the message, the service processing plate inquires a second type stream rule stored by the service processing plate according to the message undergoing service layer processing, and when the corresponding second type stream rule is matched, and the message which undergoes service layer processing is forwarded from an external port corresponding to the second type stream rule. According to the message forwarding method and the device using the message forwarding method, message forwarding efficiency of virtual equipment on a virtual platform is improved.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of message forwarding method and device thereof.
Background technology
Along with the rise of Intel Virtualization Technology, the network equipment based on virtual platform has been released in numerous network equipments commercial city, as virtual router, virtual switch, virtual firewall etc.How to improve the message repeating efficiency of virtual unit on virtual platform and become the problem that each manufacturer need to solve.
Take distributed virtual router as example, in prior art, for distributed virtual router, there is I/O plate and FW plate, I/O plate is responsible for transceiving data, shunting (levelling is all assigned to each FW plate), and FW plate is responsible for processing and E-Packeting.All stream all must arrive first entrance I/O plate, then through the FW plate I/O plate that finds an exit, a stream need to just can complete repeating process through 8 transmissions, and its schematic diagram can be as shown in Figure 1; Wherein, Hypervisor is virtual platform (as VMware(virtual machine)) provide one can realize the level of abstraction of operating system and application program and the isolation of bottom hardware computational resource.It can effectively alleviate the traditional dependence of software to hardware device and driving.Can create virtual switch by Hypervisor, divide network, the network annexation between planning virtual unit.
Realizing in process of the present invention, inventor finds at least to exist in prior art following problem:
In prior art, the message repeating efficiency of virtual unit on virtual platform is lower.
Summary of the invention
The invention provides a kind of message forwarding method and device thereof, in order to improve the message repeating efficiency of virtual unit on virtual platform.
In order to reach above object, the embodiment of the present invention provides a kind of message forwarding method, be applied to and comprise first interface plate, service processing board, the second interface board, the first virtual switch, the second virtual switch, and the virtual unit of the 3rd virtual switch, described first interface plate is for receiving external data by the first virtual switch, described the second interface board is for forwarding data after treatment described service processing board by the 3rd virtual switch to outside, described the second virtual switch is for described first interface plate, internal data between the second interface board and service processing board forwards, the method comprises:
In the time that the first virtual switch receives message, described the first virtual switch is according to the first kind stream rule of this message inquiry self storage, and in the time matching corresponding first kind stream rule, forward the packet to corresponding service processing board according to this first kind stream rule;
When service processing board receives message, and this message is carried out after operation layer processing, described service processing board is according to the Second Type stream rule of the described inquiry of the message through operation layer processing self storage, and in the time matching corresponding Second Type stream rule, this message through operation layer processing is forwarded from external port corresponding to this Second Type stream rule.
Wherein, the method also comprises:
In the time that described the first virtual switch does not match corresponding first kind stream rule according to the message receiving, described the first virtual switch forwards the packet to first interface plate, by described first interface plate, this message is encapsulated as to built-in message, and is transmitted to corresponding service processing board by inner port;
The service processing board that receives described built-in message obtains the media interviews control MAC Address of the external port of the first interface plate carrying in described built-in message, and the MAC Address of the first external port of two layers of this service processing board that can reach of external port of definite and described first interface plate;
This service processing board is according to the MAC Address of the heading of the original message carrying in described built-in message and described the first external port, generate corresponding first kind stream rule, the identification information that comprises the data flow corresponding for original message described in unique identification in this first kind stream rule, and the MAC Address of described the first external port;
This service processing board sends to described the first virtual switch by this first kind stream rule by described the first external port, so that described the first virtual switch is stored this first kind stream rule.
Wherein, when described service processing board sends to described the first virtual switch by this first kind stream rule by described the first external port, described service processing board sends this first kind to described the first virtual switch and flows regular time-out time simultaneously, so that described the first virtual switch is regular when overtime at this first kind stream, delete this first kind stream rule of self storage.
Wherein, the method also comprises:
In the time that described service processing board does not match corresponding Second Type stream rule according to the described message through operation layer processing, described service processing board is encapsulated as built-in message by described through operation layer message after treatment, and is transmitted to the second corresponding interface board by inner port;
The second interface board that receives described built-in message obtains the media interviews control MAC Address of the external port of the second interface board carrying in described built-in message, and the MAC Address of the second external port of two layers of described service processing board that can reach of external port of definite and this second interface board;
This second interface board is according to the described MAC Address through operation layer message after treatment and described the second external port of carrying in described built-in message, generate corresponding Second Type stream rule, in this Second Type stream rule, comprise for the identification information through data flow corresponding to operation layer message after treatment described in unique identification, and the MAC Address of described the second external port;
This Second Type stream rule is sent to described service processing board by this second interface board, so that described service processing board is stored this Second Type stream rule.
Wherein, when this Second Type stream rule is sent to described service processing board by described the second interface board, described the second interface board sends this Second Type to described service processing board and flows regular time-out time simultaneously, so that described service processing board is regular when overtime at this Second Type stream, delete this Second Type stream rule of self storage.
The embodiment of the present invention also provides a kind of virtual unit, comprise first interface plate, service processing board, the second interface board, the first virtual switch, the second virtual switch, and the 3rd virtual switch, wherein, described first interface plate is for receiving external data by the first virtual switch, described the second interface board is for forwarding data after treatment described service processing board by the 3rd virtual switch to outside, described the second virtual switch forwards for the internal data between described first interface plate, the second interface board and service processing board
Described the first virtual switch is used for, regular according to the first kind stream of this message inquiry self storage in the time receiving message, and in the time matching corresponding first kind stream rule, give corresponding service processing board according to this first kind stream rule by this first message repeating;
Described service processing board is used for, when receiving message, and this message is carried out after operation layer processing, according to the Second Type stream rule of the described inquiry of the message through operation layer processing self storage, and in the time matching corresponding Second Type stream rule, this message through operation layer processing is forwarded from external port corresponding to this Second Type stream rule.
Wherein, described the first virtual switch also for, when do not match corresponding first kind stream rule according to the message that receives, forward the packet to first interface plate, by described first interface plate, this message is encapsulated as to built-in message, and is transmitted to corresponding service processing board by inner port;
Described service processing board also for, in the time receiving described built-in message, obtain the media interviews control MAC Address of the external port of the first interface plate carrying in described built-in message, and the MAC Address of the first external port of two layers of described service processing board that can reach of external port of definite and described first interface plate; According to the MAC Address of the heading of the original message carrying in described built-in message and described the first external port, generate corresponding first kind stream rule, the identification information that comprises the data flow corresponding for original message described in unique identification in this first kind stream rule, and the MAC Address of described the first external port; This first kind stream rule is sent to described the first virtual switch by described the first external port, so that described the first virtual switch is stored this first kind stream rule.
Wherein, described service processing board also for, in the time that this first kind stream rule is sent to described the first virtual switch by described the first external port, send this first kind to described the first virtual switch and flow regular time-out time simultaneously, so that described the first virtual switch is regular when overtime at this first kind stream, delete this first kind stream rule of self storage.
Wherein, described service processing board also for, when do not match corresponding Second Type stream rule according to the described message through operation layer processing, be encapsulated as built-in message by described through operation layer message after treatment, and be transmitted to the second corresponding interface board by inner port;
Described the second interface board is used for, in the time receiving described built-in message, obtain the media interviews control MAC Address of the external port of the second interface board carrying in described built-in message, and the MAC Address of the second external port of two layers of described service processing board that can reach of external port of definite and described the second interface board; According to the described MAC Address through operation layer message after treatment and described the second external port of carrying in described built-in message, generate corresponding Second Type stream rule, in this Second Type stream rule, comprise for the identification information through data flow corresponding to operation layer message after treatment described in unique identification, and the MAC Address of described the second external port; This Second Type stream rule is sent to described service processing board, so that described service processing board is stored this Second Type stream rule.
Wherein, described the second interface board also for, in the time that this Second Type stream rule is sent to described service processing board, send this Second Type to described service processing board and flow regular time-out time simultaneously, so that described service processing board is regular when overtime at this Second Type stream, delete this Second Type stream rule of self storage.
In the above embodiment of the present invention, in the time that the first virtual switch receives message, this first virtual switch is according to the first kind stream rule of this message inquiry self storage, and in the time matching corresponding first kind stream rule, give corresponding service processing board according to this first kind stream rule by this first message repeating; When service processing board receives message, and this message is carried out after Business Processing, service processing board is according to the Second Type stream rule of this inquiry of message through operation layer processing self storage, and in the time matching corresponding Second Type stream rule, this message through operation layer processing is forwarded from external port corresponding to this Second Type stream rule, improved the message repeating efficiency of virtual unit on virtual platform.
Accompanying drawing explanation
Fig. 1 is the schematic diagram of the general forwarding process of virtual router of the prior art;
The schematic flow sheet of a kind of message forwarding method that Fig. 2 provides for the embodiment of the present invention;
The schematic diagram of a kind of virtual router message forwarding method that Fig. 3 provides for the embodiment of the present invention;
The structural representation of a kind of virtual unit that Fig. 4 provides for the embodiment of the present invention.
Embodiment
For the problem of above-mentioned prior art, the embodiment of the present invention provides a kind of technical scheme of message repeating, be applied to and comprise first interface plate, service processing board, the second interface board, the first virtual switch, the second virtual switch, and the virtual unit of the 3rd virtual switch, this first interface plate is for receiving external data by the first virtual switch, the second interface board is for forwarding data after treatment service processing board by the 3rd virtual switch to outside, the second virtual switch is for first interface plate, internal data between the second interface board and service processing board forwards.In this technical scheme, in the time that the first virtual switch receives message, this first virtual switch is according to the first kind stream rule of this message inquiry self storage, and in the time matching corresponding first kind stream rule, give corresponding service processing board according to this first kind stream rule by this first message repeating; When service processing board receives message, and this message is carried out after Business Processing, service processing board is according to the Second Type stream rule of this inquiry of message through operation layer processing self storage, and in the time matching corresponding Second Type stream rule, this message through operation layer processing is forwarded from external port corresponding to this Second Type stream rule, improved the message repeating efficiency of virtual unit on virtual platform.
Below in conjunction with the accompanying drawing in embodiments of the invention, the technical scheme in embodiments of the invention is carried out to clear, complete description, obviously, the embodiments described below are only the present invention's part embodiment, rather than whole embodiment.Based on the embodiment in the present invention, those of ordinary skills are not paying the every other embodiment obtaining under creative work prerequisite, all belong to the scope of embodiments of the invention protection.
As shown in Figure 2, the schematic flow sheet of a kind of message forwarding method providing for the embodiment of the present invention, can comprise the following steps:
Concrete, in embodiments of the present invention, in the time that the first virtual switch receives message, the first virtual switch needs first according to the first kind stream rule of this message inquiry self storage, to determine self whether the storing first kind stream rule of mating with this message.
In the time matching corresponding first kind stream rule in the first kind stream rule that the first virtual switch is stored at self according to this message, the first virtual switch forwards the packet to corresponding service processing board according to this first kind stream rule, in this case, this message does not need to be transmitted to service processing board through first interface plate again, but can directly be transmitted to service processing board by the external port of service processing board by the first virtual switch.
In the time not matching corresponding first kind stream rule in the first kind stream rule that the first virtual switch is stored at self according to this message, the first virtual switch needs this message to be first transmitted to first interface plate, by first interface plate, this message is encapsulated as to built-in message, and this built-in message is transmitted to corresponding service processing board by inner port.
The service processing board that receives this built-in message can obtain the MAC(Media Access Control of the external port of the first interface plate carrying in this built-in message.Media interviews control) address, and the MAC Address of the first external port of two layers of this service processing board that can reach of external port of definite and this first interface plate, getting after the MAC Address of this first external port, service processing board can be according to the MAC Address of the heading of the original message carrying in the built-in message receiving and this first external port, generate corresponding first kind stream rule, in this first kind stream rule, include the identification information of the data flow corresponding for this original message of unique identification, and the MAC Address of this first external port.Service processing board generates after first kind stream rule, and this first kind stream rule is sent to the first virtual switch by the first external port.
The first virtual switch receives after this first kind stream rule, store this first kind stream rule, and in the time receiving with the message of this first kind stream rule match (subsequent packet of the data flow that the identification information that comprises in this first kind stream rule is corresponding) in follow-up flow process, directly be transmitted to service processing board by this first external port, to improve forward efficiency.
Preferably, in embodiments of the present invention, service processing board is generating first kind stream rule, and when this first kind stream rule is sent to the first virtual switch by the first external port, service processing board can send this first kind to the first virtual switch and flow regular time-out time simultaneously, so that the first virtual switch is regular when overtime at this first kind stream, delete this first kind stream rule of self storage.
Concrete, in embodiments of the present invention, in the time that service processing board receives message, this service processing board first carries out operation layer processing to this message, and after operation layer is finished dealing with, according to the Second Type stream rule of this inquiry of message through operation layer processing self storage, to determine self whether the storing Second Type stream rule of mating with the message of this process operation layer processing.
In the time matching corresponding Second Type stream rule in the Second Type stream rule that service processing board is stored at self according to the message of this process operation layer processing, this service processing board forwards this message through operation layer processing from external port corresponding to this Second Type stream rule, in this case, the message of this process operation layer processing does not need to forward to outside through the second interface board again, but can directly be forwarded to outside by external port by service processing board.
In the time not matching corresponding Second Type stream rule in the Second Type stream rule that service processing board is stored at self according to the message of this process operation layer processing, this process operation layer message after treatment is encapsulated as built-in message by this service processing board, and be transmitted to the second corresponding interface board by inner port.
The second interface board that receives this built-in message obtains the MAC Address of the external port of the second interface board carrying in this built-in message, and the MAC Address of the second external port of two layers of service processing board that can reach of external port of definite and this second interface board.Determining after the MAC Address of this second external port, this second interface board can be according to the above-mentioned MAC Address through operation layer message after treatment and this second external port of carrying in this built-in message, generate corresponding Second Type stream rule, the identification information that comprises the data flow corresponding for this process operation layer of unique identification message after treatment in this Second Type stream rule, and the MAC Address of this second external port.The second interface board generates after Second Type stream rule, and this Second Type stream rule is sent to corresponding service processing board.
Service processing board receives after this Second Type stream rule, store this Second Type stream rule, and in the time receiving with the message of this Second Type stream rule match (subsequent packet of the data flow that the identification information that comprises in this Second Type stream rule is corresponding) in follow-up flow process, directly forward to outside by the second external port, further improve forward efficiency.
Preferably, in embodiments of the present invention, the second interface board is generating Second Type stream rule, and when this Second Type stream rule is sent to service processing board, this second interface board can send this Second Type to service processing board and flow regular time-out time simultaneously, so that service processing board is regular when overtime at this Second Type stream, delete this Second Type stream rule of self storage.
In order to make those skilled in the art understand better the technical scheme that the embodiment of the present invention provides, the technical scheme embodiment of the present invention being provided below in conjunction with concrete application scenarios is described.
In this embodiment, take virtual unit as distributed virtual router is as example, the structural representation of this distributed virtual router can be referring to Fig. 1.Wherein, the plate of VM1I/O shown in Fig. 1 (an I/O plate) is first interface plate, and VM2FW plate is service processing board, and VM3I/O plate (the 2nd I/O plate) is the second interface board; VSwitch1, vSwitch2, vSwitch3 are respectively the first virtual switch, the second virtual switch, the 3rd virtual switch, and Physical NIC1 and Physical NIC2 are physical network card.
In this embodiment, the flow process of message repeating can be divided into data flow first packet flow process, and the subsequent packet flow process of same data flow, is described respectively below:
1, data flow first packet flow process
A), the first virtual switch receives the message from physical network card Physical NIC1, if this message is data flow first packet, the first virtual switch flows rule (vSwitch flow rule) by inquiry less than the first kind of coupling according to this message, now, the first virtual machine switch, according to existing handling process, forwards the packet to an I/O plate;
B), the one I/O plate receives after this message, according to forwarding strategy, (forwarding strategy can be the stream parameter to this message, as source IP address, object IP address, source MAC, target MAC (Media Access Control) address etc., carry out HASH(hash) calculate) corresponding FW plate (being in this embodiment the VM2FW plate shown in Fig. 1) found, this message is encapsulated as to built-in message, and (form of this built-in message can be: before former message, add two layers of built-in message head, target MAC (Media Access Control) address is the MAC Address of the inner port that FW plate is corresponding, source MAC is the MAC Address of the inner port of an I/O plate, protocol number is the proprietary protocol number that built-in message uses, protocol contents is the MAC Address that an I/O plate receives the external port of this message), and this built-in message is sent to corresponding FW plate by the inner port of an I/O plate via the second virtual switch,
C), FW plate receives after this built-in message, this message is resolved, get the MAC Address of the external port of an I/O plate, and according to the MAC Address of the external port of an I/O plate, search the MAC Address with the external port (the first external port) of two layers of FW plate that can reach of external port of an I/O plate, MAC Address by the first external port of the original message carrying in this built-in message (message that the first virtual switch receives) and the FW plate that finds generates a corresponding vSwitch stream rule, the identification information that comprises the data flow corresponding for this original message of unique identification in this vSwitch stream rule is (as the source IP address of this data flow, object IP address, source MAC, object IP address, the five-tuple of protocol number composition, but be not limited to this, lower same), and the MAC Address of the first external port of FW plate.FW plate sends corresponding virtual switch (i.e. the first virtual switch) by this vSwitch rule by the first external port of FW plate.Then message is removed after built-in message head, transferred to operation layer processing.Because this message is data flow first packet, therefore, FW buttress flows rule (FW flow rule) by inquiry less than the Second Type of coupling according to the message through operation layer processing, now, after operation layer is handled, by be again encapsulated as built-in message through the message of operation layer processing, (form of built-in message can be to add two layers of built-in message head before the message through operation layer processing to FW plate, target MAC (Media Access Control) address is the MAC Address of the corresponding inner port of the 2nd I/O plate, source MAC is the MAC Address of the inner port of FW plate, protocol number is the proprietary protocol number that built-in message uses, protocol contents is the outgoing interface information of I/O plate), send to the 2nd I/O plate by the second virtual switch,
C), the 2nd I/O plate receives after this built-in message, message is resolved, get outgoing interface (external port) information of the 2nd I/O plate, and according to the MAC Address of the external port (the second external port) of two layers of FW plate that can reach of outgoing interface of the outgoing interface information searching of the 2nd I/O plate and the 2nd I/O plate, by the MAC Address of the message through operation layer processing carrying in this built-in message and the second external port of the FW plate finding, generate a corresponding FW stream rule, in this FW stream rule, comprise for the above-mentioned identification information through data flow corresponding to the message of operation layer processing of unique identification, and the MAC Address of the second external port of FW plate.The 2nd I/O plate sends to FW plate by this FW stream rule by inner port,, sends via the 3rd virtual switch from Physical NIC2 by the outgoing interface parsing then by the built-in message removal built-in message head receiving, and by the message obtaining.
2, same data flow subsequent packet flow process
A), the first virtual switch receives the message of Physical NIC1, according to the vSwitch stream rule of this message inquiry self storage, due to this message subsequent packet that is above-mentioned data flow, therefore, the first virtual switch can match corresponding vSwitch stream rule according to this message, and can, according to this vSwitch stream rule, this message directly be sent to FW plate by the first external port of FW plate;
B), FW plate receives after the message of the first virtual switch forwarding, analytic message, then give operation layer processing by this message, in the time that operation layer is handled the message that need to forward this process operation layer processing, according to the FW stream rule of this inquiry of message through operation layer processing self storage, due to this message subsequent packet that is above-mentioned data flow, therefore, FW can match corresponding FW stream rule according to the message of this process operation layer processing, and can will directly forward to outside by the second external port through the message of operation layer processing according to this FW stream rule.
Through above-mentioned flow processing, in this embodiment, the schematic diagram of message repeating can be as shown in Figure 3.
Known by above description, in the technical scheme providing in the embodiment of the present invention, in the time that the first virtual switch receives message, this first virtual switch is according to the first kind stream rule of this message inquiry self storage, and in the time matching corresponding first kind stream rule, give corresponding service processing board according to this first kind stream rule by this first message repeating; When service processing board receives message, and this message is carried out after Business Processing, service processing board is according to the Second Type stream rule of this inquiry of message through operation layer processing self storage, and in the time matching corresponding Second Type stream rule, this message through operation layer processing is forwarded from external port corresponding to this Second Type stream rule, improved the message repeating efficiency of virtual unit on virtual platform.
As shown in Figure 4, the structural representation of a kind of virtual unit providing for the embodiment of the present invention, this virtual unit comprises first interface plate 41, service processing board 42, the second interface board 43, the first virtual switch 44, the second virtual switch 45, and the 3rd virtual switch 46, wherein, described first interface plate 41 is for receiving external data by the first virtual switch 44, described the second interface board 43 is for forwarding described service processing board 42 data after treatment by the 3rd virtual switch 46 to outside, described the second virtual switch 45 is for described first interface plate 41, internal data between the second interface board 43 and service processing board 42 forwards, wherein:
Described the first virtual switch 44 for, regular according to the first kind stream of this message inquiry self storage in the time receiving message, and in the time matching corresponding first kind stream rule, give corresponding service processing board according to this first kind stream rule by this first message repeating;
Described service processing board 42 for, when receiving message, and this message is carried out after operation layer processing, according to the Second Type stream rule of the described inquiry of the message through operation layer processing self storage, and in the time matching corresponding Second Type stream rule, this message through operation layer processing is forwarded from external port corresponding to this Second Type stream rule.
Wherein, described the first virtual switch 44 also for, when do not match corresponding first kind stream rule according to the message receiving, forward the packet to first interface plate, by described first interface plate, this message is encapsulated as to built-in message, and is transmitted to corresponding service processing board by inner port;
Described service processing board 42 also for, in the time receiving described built-in message, obtain the media interviews control MAC Address of the external port of the first interface plate carrying in described built-in message, and the MAC Address of the first external port of two layers of described service processing board that can reach of external port of definite and described first interface plate; According to the MAC Address of the heading of the original message carrying in described built-in message and described the first external port, generate corresponding first kind stream rule, the identification information that comprises the data flow corresponding for original message described in unique identification in this first kind stream rule, and the MAC Address of described the first external port; This first kind stream rule is sent to described the first virtual switch by described the first external port, so that described the first virtual switch is stored this first kind stream rule.
Wherein, described service processing board 42 also for, in the time that this first kind stream rule is sent to described the first virtual switch by described the first external port, send this first kind to described the first virtual switch and flow regular time-out time simultaneously, so that described the first virtual switch is regular when overtime at this first kind stream, delete this first kind stream rule of self storage.
Wherein, described service processing board 42 also for, when do not match corresponding Second Type stream rule according to the described message through operation layer processing, be encapsulated as built-in message by described through operation layer message after treatment, and be transmitted to the second corresponding interface board by inner port;
Described the second interface board 43 for, in the time receiving described built-in message, obtain the media interviews control MAC Address of the external port of the second interface board carrying in described built-in message, and the MAC Address of the second external port of two layers of described service processing board that can reach of external port of definite and described the second interface board; According to the described MAC Address through operation layer message after treatment and described the second external port of carrying in described built-in message, generate corresponding Second Type stream rule, in this Second Type stream rule, comprise for the identification information through data flow corresponding to operation layer message after treatment described in unique identification, and the MAC Address of described the second external port; This Second Type stream rule is sent to described service processing board, so that described service processing board is stored this Second Type stream rule.
Wherein, described the second interface board 43 also for, in the time that this Second Type stream rule is sent to described service processing board, send this Second Type to described service processing board and flow regular time-out time simultaneously, so that described service processing board is regular when overtime at this Second Type stream, delete this Second Type stream rule of self storage.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that the present invention can add essential general hardware platform by software and realize, and can certainly pass through hardware, but in a lot of situation, the former is better execution mode.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in a storage medium, comprise that some instructions (can be mobile phones in order to make a station terminal equipment, personal computer, server, or the network equipment etc.) carry out the method described in each embodiment of the present invention.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications also should be looked protection scope of the present invention.
Claims (10)
1. a message forwarding method, be applied to and comprise first interface plate, service processing board, the second interface board, the first virtual switch, the second virtual switch, and the virtual unit of the 3rd virtual switch, described first interface plate is for receiving external data by the first virtual switch, described the second interface board is for forwarding data after treatment described service processing board by the 3rd virtual switch to outside, described the second virtual switch is for described first interface plate, internal data between the second interface board and service processing board forwards, it is characterized in that, the method comprises:
In the time that the first virtual switch receives message, described the first virtual switch is according to the first kind stream rule of this message inquiry self storage, and in the time matching corresponding first kind stream rule, forward the packet to corresponding service processing board according to this first kind stream rule;
When service processing board receives message, and this message is carried out after operation layer processing, described service processing board is according to the Second Type stream rule of the described inquiry of the message through operation layer processing self storage, and in the time matching corresponding Second Type stream rule, this message through operation layer processing is forwarded from external port corresponding to this Second Type stream rule.
2. the method for claim 1, is characterized in that, the method also comprises:
In the time that described the first virtual switch does not match corresponding first kind stream rule according to the message receiving, described the first virtual switch forwards the packet to first interface plate, by described first interface plate, this message is encapsulated as to built-in message, and is transmitted to corresponding service processing board by inner port;
The service processing board that receives described built-in message obtains the media interviews control MAC Address of the external port of the first interface plate carrying in described built-in message, and the MAC Address of the first external port of two layers of this service processing board that can reach of external port of definite and described first interface plate;
This service processing board is according to the MAC Address of the heading of the original message carrying in described built-in message and described the first external port, generate corresponding first kind stream rule, the identification information that comprises the data flow corresponding for original message described in unique identification in this first kind stream rule, and the MAC Address of described the first external port;
This service processing board sends to described the first virtual switch by this first kind stream rule by described the first external port, so that described the first virtual switch is stored this first kind stream rule.
3. method as claimed in claim 2, it is characterized in that, when described service processing board sends to described the first virtual switch by this first kind stream rule by described the first external port, described service processing board sends this first kind to described the first virtual switch and flows regular time-out time simultaneously, so that described the first virtual switch is regular when overtime at this first kind stream, delete this first kind stream rule of self storage.
4. the method for claim 1, is characterized in that, the method also comprises:
In the time that described service processing board does not match corresponding Second Type stream rule according to the described message through operation layer processing, described service processing board is encapsulated as built-in message by described through operation layer message after treatment, and is transmitted to the second corresponding interface board by inner port;
The second interface board that receives described built-in message obtains the media interviews control MAC Address of the external port of the second interface board carrying in described built-in message, and the MAC Address of the second external port of two layers of described service processing board that can reach of external port of definite and this second interface board;
This second interface board is according to the described MAC Address through operation layer message after treatment and described the second external port of carrying in described built-in message, generate corresponding Second Type stream rule, in this Second Type stream rule, comprise for the identification information through data flow corresponding to operation layer message after treatment described in unique identification, and the MAC Address of described the second external port;
This Second Type stream rule is sent to described service processing board by this second interface board, so that described service processing board is stored this Second Type stream rule.
5. method as claimed in claim 4, it is characterized in that, when this Second Type stream rule is sent to described service processing board by described the second interface board, described the second interface board sends this Second Type to described service processing board and flows regular time-out time simultaneously, so that described service processing board is regular when overtime at this Second Type stream, delete this Second Type stream rule of self storage.
6. a virtual unit, comprise first interface plate, service processing board, the second interface board, the first virtual switch, the second virtual switch, and the 3rd virtual switch, wherein, described first interface plate is for receiving external data by the first virtual switch, described the second interface board is for forwarding data after treatment described service processing board by the 3rd virtual switch to outside, described the second virtual switch forwards for the internal data between described first interface plate, the second interface board and service processing board, it is characterized in that
Described the first virtual switch is used for, regular according to the first kind stream of this message inquiry self storage in the time receiving message, and in the time matching corresponding first kind stream rule, give corresponding service processing board according to this first kind stream rule by this first message repeating;
Described service processing board is used for, when receiving message, and this message is carried out after operation layer processing, according to the Second Type stream rule of the described inquiry of the message through operation layer processing self storage, and in the time matching corresponding Second Type stream rule, this message through operation layer processing is forwarded from external port corresponding to this Second Type stream rule.
7. virtual switch equipment as claimed in claim 6, is characterized in that,
Described the first virtual switch also for, when do not match corresponding first kind stream rule according to the message receiving, forward the packet to first interface plate, by described first interface plate, this message is encapsulated as to built-in message, and is transmitted to corresponding service processing board by inner port;
Described service processing board also for, in the time receiving described built-in message, obtain the media interviews control MAC Address of the external port of the first interface plate carrying in described built-in message, and the MAC Address of the first external port of two layers of described service processing board that can reach of external port of definite and described first interface plate; According to the MAC Address of the heading of the original message carrying in described built-in message and described the first external port, generate corresponding first kind stream rule, the identification information that comprises the data flow corresponding for original message described in unique identification in this first kind stream rule, and the MAC Address of described the first external port; This first kind stream rule is sent to described the first virtual switch by described the first external port, so that described the first virtual switch is stored this first kind stream rule.
8. virtual unit as claimed in claim 7, is characterized in that,
Described service processing board also for, in the time that this first kind stream rule is sent to described the first virtual switch by described the first external port, send this first kind to described the first virtual switch and flow regular time-out time simultaneously, so that described the first virtual switch is regular when overtime at this first kind stream, delete this first kind stream rule of self storage.
9. virtual unit as claimed in claim 6, is characterized in that,
Described service processing board also for, when do not match corresponding Second Type stream rule according to the described message through operation layer processing, be encapsulated as built-in message by described through operation layer message after treatment, and be transmitted to the second corresponding interface board by inner port;
Described the second interface board is used for, in the time receiving described built-in message, obtain the media interviews control MAC Address of the external port of the second interface board carrying in described built-in message, and the MAC Address of the second external port of two layers of described service processing board that can reach of external port of definite and described the second interface board; According to the described MAC Address through operation layer message after treatment and described the second external port of carrying in described built-in message, generate corresponding Second Type stream rule, in this Second Type stream rule, comprise for the identification information through data flow corresponding to operation layer message after treatment described in unique identification, and the MAC Address of described the second external port; This Second Type stream rule is sent to described service processing board, so that described service processing board is stored this Second Type stream rule.
10. virtual unit as claimed in claim 9, is characterized in that,
Described the second interface board also for, in the time that this Second Type stream rule is sent to described service processing board, send this Second Type to described service processing board and flow regular time-out time simultaneously, so that described service processing board is regular when overtime at this Second Type stream, delete this Second Type stream rule of self storage.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410029683.3A CN103795622B (en) | 2014-01-22 | 2014-01-22 | Message forwarding method and device using same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410029683.3A CN103795622B (en) | 2014-01-22 | 2014-01-22 | Message forwarding method and device using same |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103795622A true CN103795622A (en) | 2014-05-14 |
| CN103795622B CN103795622B (en) | 2017-02-15 |
Family
ID=50670938
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410029683.3A Active CN103795622B (en) | 2014-01-22 | 2014-01-22 | Message forwarding method and device using same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103795622B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104601467A (en) * | 2014-12-31 | 2015-05-06 | 华为技术有限公司 | Method and device for sending messages |
| CN106603523A (en) * | 2016-12-09 | 2017-04-26 | 北京东土军悦科技有限公司 | Message forwarding method and network switching device |
| CN106797351A (en) * | 2014-07-21 | 2017-05-31 | 大交换机网络股份有限公司 | Use the system and method for controller execution logic forwarded |
| CN107147574A (en) * | 2016-03-01 | 2017-09-08 | 深圳市深信服电子科技有限公司 | Message forwarding method and system based on distributed virtual router |
| CN110011941A (en) * | 2019-03-18 | 2019-07-12 | 新华三信息安全技术有限公司 | A kind of message forwarding method and equipment |
| CN110311868A (en) * | 2019-07-08 | 2019-10-08 | 新华三信息安全技术有限公司 | Method for processing business, device, member device and machine readable storage medium |
| CN111698177A (en) * | 2020-04-23 | 2020-09-22 | 新华三技术有限公司 | Message processing method and device |
| CN113194020A (en) * | 2021-05-24 | 2021-07-30 | 上海层峰网络科技有限公司 | Virtual network interaction method and virtual network architecture |
| CN113992592A (en) * | 2021-10-27 | 2022-01-28 | 锐捷网络股份有限公司 | Message forwarding method and device, port drainage system and storage medium |
| CN114079634A (en) * | 2020-08-21 | 2022-02-22 | 深圳市中兴微电子技术有限公司 | Message forwarding method and device and computer readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102480410A (en) * | 2010-11-22 | 2012-05-30 | 杭州华三通信技术有限公司 | Single board for centralized business processing and virtualized resource dividing method |
| US20120147898A1 (en) * | 2010-07-06 | 2012-06-14 | Teemu Koponen | Network control apparatus and method for creating and modifying logical switching elements |
| CN102752219A (en) * | 2012-07-18 | 2012-10-24 | 杭州华三通信技术有限公司 | Method for implementing virtual device (VD) interconnection and switching equipment |
| CN102946354A (en) * | 2012-11-15 | 2013-02-27 | 华为技术有限公司 | Message forwarding method and device and network equipment thereof |
-
2014
- 2014-01-22 CN CN201410029683.3A patent/CN103795622B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120147898A1 (en) * | 2010-07-06 | 2012-06-14 | Teemu Koponen | Network control apparatus and method for creating and modifying logical switching elements |
| CN102480410A (en) * | 2010-11-22 | 2012-05-30 | 杭州华三通信技术有限公司 | Single board for centralized business processing and virtualized resource dividing method |
| CN102752219A (en) * | 2012-07-18 | 2012-10-24 | 杭州华三通信技术有限公司 | Method for implementing virtual device (VD) interconnection and switching equipment |
| CN102946354A (en) * | 2012-11-15 | 2013-02-27 | 华为技术有限公司 | Message forwarding method and device and network equipment thereof |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106797351A (en) * | 2014-07-21 | 2017-05-31 | 大交换机网络股份有限公司 | Use the system and method for controller execution logic forwarded |
| CN106797351B (en) * | 2014-07-21 | 2020-05-19 | 大交换机网络股份有限公司 | System and method for performing logical network forwarding using a controller |
| CN104601467B (en) * | 2014-12-31 | 2018-03-13 | 华为技术有限公司 | A kind of method and apparatus for sending message |
| CN104601467A (en) * | 2014-12-31 | 2015-05-06 | 华为技术有限公司 | Method and device for sending messages |
| CN107147574A (en) * | 2016-03-01 | 2017-09-08 | 深圳市深信服电子科技有限公司 | Message forwarding method and system based on distributed virtual router |
| CN106603523A (en) * | 2016-12-09 | 2017-04-26 | 北京东土军悦科技有限公司 | Message forwarding method and network switching device |
| CN110011941A (en) * | 2019-03-18 | 2019-07-12 | 新华三信息安全技术有限公司 | A kind of message forwarding method and equipment |
| CN110311868B (en) * | 2019-07-08 | 2021-09-21 | 新华三信息安全技术有限公司 | Service processing method, device, member equipment and machine-readable storage medium |
| CN110311868A (en) * | 2019-07-08 | 2019-10-08 | 新华三信息安全技术有限公司 | Method for processing business, device, member device and machine readable storage medium |
| CN111698177A (en) * | 2020-04-23 | 2020-09-22 | 新华三技术有限公司 | Message processing method and device |
| CN111698177B (en) * | 2020-04-23 | 2022-10-21 | 新华三技术有限公司 | Message processing method and device |
| CN114079634A (en) * | 2020-08-21 | 2022-02-22 | 深圳市中兴微电子技术有限公司 | Message forwarding method and device and computer readable storage medium |
| CN114079634B (en) * | 2020-08-21 | 2024-03-12 | 深圳市中兴微电子技术有限公司 | Message forwarding method and device and computer readable storage medium |
| CN113194020A (en) * | 2021-05-24 | 2021-07-30 | 上海层峰网络科技有限公司 | Virtual network interaction method and virtual network architecture |
| CN113992592A (en) * | 2021-10-27 | 2022-01-28 | 锐捷网络股份有限公司 | Message forwarding method and device, port drainage system and storage medium |
| CN113992592B (en) * | 2021-10-27 | 2023-11-17 | 锐捷网络股份有限公司 | Message forwarding method and device, port drainage system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103795622B (en) | 2017-02-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103795622A (en) | Message forwarding method and device using same | |
| US10581700B2 (en) | Service flow processing method, apparatus, and device | |
| EP3223481B1 (en) | Packet processing system and method | |
| US9674080B2 (en) | Proxy for port to service instance mapping | |
| CN108737224B (en) | Message processing method and device based on micro-service architecture | |
| KR20170106351A (en) | METHOD, APPARATUS AND SYSTEM FOR PROVIDING ATTACK DATA DATA | |
| CN106878482B (en) | Network address translation method and device | |
| CN109981493B (en) | Method and device for configuring virtual machine network | |
| CN107547242B (en) | The acquisition methods and device of VM configuration information | |
| CN105379206B (en) | Message processing method, forwarding device and message handling system in network | |
| EP3367612A1 (en) | Dial testing method, dial testing system, and compute node | |
| CN106506515B (en) | Authentication method and device | |
| CN1946061B (en) | Method and device for fast processing message | |
| US10243799B2 (en) | Method, apparatus and system for virtualizing a policy and charging rules function | |
| CN104994022B (en) | A kind of method and business board of message transmissions | |
| CN105472023A (en) | Method and device for remote direct memory access | |
| US11050661B2 (en) | Creating an aggregation group | |
| CN106921578A (en) | The generation method and device of a kind of forwarding-table item | |
| CN103916320A (en) | Method and device for message processing after cross-network relocation of VM device | |
| CN102148715A (en) | Method and device for virtual network configuration migration | |
| CN106878052B (en) | User migration method and device | |
| CN104301446A (en) | Message processing method, switch device and system | |
| CN108540408B (en) | Openstack-based distributed virtual switch management method and system | |
| CN107547680B (en) | Data processing method and device | |
| US20170289026A1 (en) | Switch processing method, controller, switch, and switch processing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |